Re: [SECURITY] [DSA 4078-1] linux security update
On Thu, 11 Jan 2018, Frank Nord wrote:
> I've problems applying this on my mac mini (Intel(R) Core(TM) 2 Duo CPU,
> P7550 @ 2.6 GHz).
...
> 3.20170707.1~deb9u1 from stretch. What's the recommended
> microcode-version for this kernel?
The one you have is currently fine. Intel has not published
Spectre-related microcode mitigation for the Core 2 duo, at least not
yet.
Maybe they will update the Core2 duo, maybe they will not... It is a
very old model, the microcode might not have enough control there to do
it without disabling way way too much stuff (and thus incurring an
absurd performance regression).
When the microcode doesn't have the Spectre mitigation support for
whatever reason (or you opt to not use it because it is too slow, etc),
"retpoline" software mitigation should do the job just fine to protect
against the currently known variants of spectre.
However, retpoline support is not ready yet. It is being worked on the
kernel upstream, and it requires compiler support, too... which is also
being worked at gcc and clang upstream.
We have a couple interesting weeks ahead of us, with lots of -security
and stable updates to do :p
--
Henrique Holschuh
Reply to: